Boards Cannot Delegate Accountability: Fiduciary Duties, Caremark Oversight, and the Age of AI-Mediated Authority

This paper is published for informational and academic purposes only. It does not constitute legal advice and does not create a lawyer-client relationship. Readers should seek independent legal advice before acting on any matter discussed herein. The views expressed are those of the author and do not represent the position of any court, regulator, or other institution. © 2026 Peter Kahl / Lex et Ratio Ltd.

Executive Summary

Directors may lawfully delegate operational functions. What they may not do — consistently with fiduciary office — is relinquish responsibility for the criteria by which corporate action is framed, prioritized, and supervised. That limit is not a recent innovation; it is the structural premise of Delaware corporate law and of the fiduciary framework governing directors in the majority of U.S. states. DGCL §141(a) vests management in the board, and Delaware courts have consistently held that this authority cannot be structurally surrendered: Grimes v. Donald articulated the abdication test; Moelis & Co. and Wagner v. BRP Group struck down provisions that pre-committed board authority or interposed a non-board gatekeeper. MBCA §8.30(b) reinforces the point by conditioning reliance protection on the director's practical capacity to assess what the board is relying upon. This paper applies that existing framework to a new factual context. It does not propose new liability standards.

As organizations embed discretion in persistent, decision-structuring infrastructure — including AI-enabled processes — the locus of fiduciary attention shifts upstream. When such systems become operationally central and materially shape what decisions are realistically reachable, they cross a Delegation Threshold: authority becomes infrastructural, and the architecture itself becomes legally consequential under §141(a) and the Caremark oversight framework. This paper identifies five governance requirements that fiduciary compliance demands in that context: attributable authority, bounded scope, structured escalation and override capacity, operational reversibility, and sustained oversight against drift. Each requirement maps to an existing obligation: §141(a) non-abdication, the duty of care, the duty of loyalty, the §141(a) capacity requirement, and the Caremark continuity obligation respectively. The argument does not expand fiduciary doctrine. It identifies where established duties attach when discretion is channeled through embedded systems. The primary frame is U.S. law; English company law is engaged comparatively. Delaware oversight doctrine is uniquely positioned to absorb these disputes: it already governs institutional control systems, and automated decision infrastructure maps directly onto its existing framework. Caremark litigation may prove to be the primary pathway through which AI governance enters corporate fiduciary law.

‍

‍

1. Delegation Is Lawful; Abdication Is Not

Corporate law has never prohibited delegation. What it prohibits is abdication: the surrender, not merely the distribution, of evaluative and supervisory responsibility. By evaluative responsibility is meant the capacity to determine, interrogate, and revise the criteria by which corporate decisions are framed and justified — the standards that give direction to delegated action. DGCL §141(a) — providing that corporate affairs shall be managed by or under the direction of the board — authorizes delegation of execution while preserving board-level accountability for direction. The board may distribute tasks. It cannot distribute the authority that makes it the board.

Delaware courts have enforced this across more than three decades. In Grimes v. Donald, the Court of Chancery held that arrangements so constraining future board decision-making that independent judgment becomes unavailable in practice constitute impermissible abdication of §141(a) authority. The abdication claim was dismissed on its merits — the compensation restriction as pleaded was insufficient — but the court left no doubt the doctrine has real content. Sample v. Morgan confirmed abdication is pleadable where a compensation committee approved an entire authorized share bloc to three directors without adequate shareholder disclosure and without the full board engaging with the evaluative standards governing the exercise. In Moelis, Vice Chancellor Laster applied the Abercrombie test (Abercrombie v. Davies, 123 A.2d 893 (Del. Ch. 1956)) to strike down stockholder agreement provisions — pre-approval requirements, committee composition mandates, vacancy restrictions — requiring the board to obtain permission before exercising its own authority. In Wagner, an officer pre-approval requirement was invalidated on the same basis: it interposed a non-board gatekeeper between the board and its statutory authority, inverting the §141(a) hierarchy. Governance architecture routing board-level decision-making through a control point the board does not itself control violates §141(a) regardless of how it is characterized or consented to.

Under MBCA §8.30(b), reliance on systems or advisors is a conditional permission, not a wholesale transfer of accountability: the protection requires a reasonable basis to believe the source is reliable and competent within its scope of authority. In Gantler v. Stephens, the Delaware Supreme Court confirmed that officers owe fiduciary duties of care and loyalty — where AI systems are specified and managed at C-suite level, that accountability attaches before board-level oversight is engaged. Stone v. Ritter confirmed that sustained oversight failure may constitute a breach of the duty of loyalty via bad faith. DGCL §102(b)(7) exculpates directors for care violations; it does not exculpate loyalty breaches. A Caremark failure that rises to bad faith carries consequences that cannot be contracted away in the charter.

English law converges by a different route. Sections 173 and 174 of the Companies Act 2006 require independent judgment and competent supervision. Regal (Hastings) Ltd v. Gulliver establishes that fiduciary accountability attaches by reason of office, irrespective of outcome. Re Barings plc (No 5) confirms that supervision cannot be discharged by passive reliance on subordinates. Re Westmid Packing Services Ltd (No 3) establishes that directorial responsibilities are personal and non-transferable — a director cannot escape liability by allowing others to exercise de facto control. Both systems presuppose that an identifiable fiduciary actor must remain answerable for the evaluative standards governing corporate action.

2. Structural Accountability in Fiduciary Law

Fiduciary law is concerned not only with harmful outcomes but with the structural conditions under which entrusted authority is exercised. In Regal (Hastings) Ltd v. Gulliver, a foundational English authority, directors were required to account for profits made by reason of their office absent any loss to the company and absent dishonesty: liability attached to the exercise of entrusted power within a fiduciary structure, not to the production of a harmful result. Delaware's oversight framework reflects the same logic through a different doctrinal pathway. Caremark and Stone v. Ritter ask not whether a specific decision caused harm, but whether the board ensured the existence of governance architecture capable of providing meaningful information and control. Marchand v. Barnhill sharpened the point: where a risk is mission-critical, the board must engage with it at board level — not delegate it into a committee and receive summary reports. The deficiency in Marchand was structural: the absence of board-level monitoring systems dedicated to the core risk. The inquiry is architectural before it is evaluative.

Delaware oversight doctrine is uniquely positioned to absorb AI governance disputes because it already governs institutional control systems. As AI becomes embedded in those systems, automated decision infrastructure can be framed as an oversight failure without requiring new doctrine. Caremark litigation may prove to be the primary pathway through which AI governance enters corporate fiduciary law. That pathway operates as much through soft law as through litigation: Caremark's influence on board behavior and governance design has historically far exceeded the actual probability of successful claims, shaping conduct through norms and constituency pressure rather than verdict. That pathway is most clearly actionable where AI infrastructure gives rise to materially misleading representations to customers or regulators — bringing the claim within Caremark's legal-violation requirement without extending doctrine, as Arlen demonstrates in the analogous cybersecurity disclosure context.

The care/loyalty distinction has practical consequences practitioners cannot afford to overlook. Caremark claims travel through the duty of loyalty via bad faith, not through care alone. DGCL §102(b)(7) exculpation shields directors from care-based liability but not loyalty breaches. Where AI systems make mission-critical decisions at scale and a board has structured its governance so that it cannot meaningfully monitor or correct what those systems do, the conditions for bad faith disengagement are materially closer than they would be for a discrete human decision that turns out badly.

Aronson v. Lewis conditioned business judgment rule protection on board-level deliberation by disinterested, informed directors: the rule protects decisions attributable to identifiable fiduciaries exercising genuine judgment, not structurally diffuse or architecturally automated processes. Basho Technologies Holdco B, LLC v. Georgetown Basho Investors, LLC held that a party exercising effective control over corporate decision-making — regardless of formal title or position — is subject to fiduciary scrutiny and entire fairness review. While Basho concerned a controlling stockholder rather than an automated system, its reasoning points directly to the question this paper raises: courts ask who is actually exercising authority in substance. Where discretion has migrated into infrastructure that no identified fiduciary effectively controls, that question has no satisfactory answer.

Moelis and Wagner establish that §141(a) constrains governance arrangement design: provisions that effectively remove the board's practical capacity to govern are facially invalid. Subsequent DGCL amendments qualified that principle for stockholder agreements through new §122(18), while amended §122(5) simultaneously reaffirmed that boards cannot delegate fundamental functions to officers or agents — leaving the structural constraint fully intact for governance architecture generally. §141(a) asks whether the board retains genuine capacity to exercise its statutory authority in fact, not merely in form. Basho extends this framework further: courts will pierce whatever form an arrangement takes to ask who is actually exercising discretion — and will hold that actor to fiduciary account. The English Supreme Court's reasoning in Recovery Partners GP Ltd v. Rukhadze (2025) reinforces this orientation from a distinct doctrinal direction: the breach lies in the unauthorized exercise of entrusted power, not merely in the economic consequence. Form does not displace duty.

3. The Delegation Threshold: When Infrastructure Acquires Authority

The mere use of technology does not alter fiduciary allocation. The question is when delegated functions become sufficiently embedded that the infrastructure itself shapes the exercise of corporate discretion — the Delegation Threshold. It is crossed where delegation diffuses authority such that directors no longer retain real capacity to determine, supervise, and alter the evaluative standards governing corporate action. The governing principle is direct: when discretion becomes infrastructural, fiduciary oversight becomes architectural. Three features, individually probative and collectively sufficient, indicate that the threshold has been crossed:

— Persistence: the system operates continuously as part of the organization's control environment rather than as an ad hoc tool.

— Practical lock-in: managers cannot meaningfully bypass the system without disrupting operations or violating internal policy.

— Decision-structuring effect: organizational judgments are materially framed, filtered, or prioritized by the system's outputs.

Where all three converge, discretion is clearly channeled through an architecture that conditions what decisions are realistically reachable; the presence of any two raises a §141(a) structural concern warranting board-level attention. Moelis and Wagner struck down contractual provisions that pre-committed or gatekept board authority. Operational infrastructure can produce the same deprivation through accumulation rather than design: a governance system that began as decision-support and became the practical determinant of what the board could authorize raises the same §141(a) structural concern as a stockholder agreement requiring pre-approval — not through facial invalidity but through accumulated operational constraint. The Delegation Threshold identifies the point at which operational embedding crosses into structural constraint. The §141(a) question posed by Moelis and Wagner is legally prior to any BJR analysis: has the board retained practical capacity to exercise the authority §141(a) vests in it? Where an AI system filters what options the board sees, or where parameters governing its outputs cannot practically be revised, the precondition for BJR protection — genuine deliberation by the board acting as the board — has not been met.

Obeid v. Hogan illustrates the structural limit from a different angle: the Court of Chancery held that core governance functions cannot be delegated to actors outside the class of fiduciaries holding managerial authority. Delaware subsequently amended its LLC statutes on delegation, but the underlying §141(a) corporate principle — that governance authority cannot be structurally removed from the fiduciary class — was not disturbed. The analogy to AI systems should not be overstated, but its logic applies: where the effective exercise of discretion has shifted to infrastructure no identified fiduciary controls, the statutory requirement that governance authority remain within the fiduciary class is not satisfied by formal designation alone. MBCA §8.30(b)'s reliance protection reaches the same boundary: where a system operates beyond the board's practical oversight — where no director can identify who is responsible for its parameters or revise its evaluative assumptions — the condition for reliance protection is not satisfied.

4. Five Governance Requirements

Where discretion becomes infrastructural, fiduciary discipline must be operationalized. The following requirements are derived from existing doctrine and specify how established duties apply when authority is exercised through persistent systems. Each maps to a distinct obligation: attributable authority addresses non-abdication under §141(a); bounded scope addresses the duty of care; structured escalation addresses the duty of loyalty; operational reversibility addresses the §141(a) capacity requirement; and drift control addresses the Caremark continuity obligation.

Requirement 1: Attributable Authority

Responsibility for system-level discretion must remain identifiable and allocable. Caremark and Stone v. Ritter presuppose that directors can identify who is responsible for reporting system integrity; MBCA §8.30(b) requires knowing who owns the source; Obeid establishes that governance authority cannot migrate outside the fiduciary class; Gantler confirms officer-level accountability attaches to those managing governance systems on the board's behalf. In practice: responsibility for system design, parameter setting, monitoring, and escalation must be explicitly allocated to identified officers or committees with documented mandates and intelligible reporting lines. Where no officer can answer for the evaluative framework embedded in a system's outputs, accountability has already eroded.

Requirement 2: Bounded Scope

Delegated authority must operate within defined and reviewable limits. Moelis and Wagner establish that provisions making board action contingent on processes the board does not control are facially problematic under §141(a) — a principle the post-Moelis DGCL amendments left intact for governance architecture, and reinforced through amended §122(5)'s reaffirmation that boards cannot delegate fundamental functions to officers or agents; MBCA §8.30(b)'s reliance protection requires the source to be competent within its scope — scope without definition is scope without protection. Boards must define what categories of decisions the system may influence, the thresholds at which it operates, and the limits of reliance on its outputs. Persistent failure to define and maintain those boundaries — particularly in domains Marchand would classify as mission-critical — risks both a §141(a) structural problem and a Caremark oversight failure.

Requirement 3: Structured Escalation and Override Capacity

The inverse of Wagner's gatekeeper problem is the absence of an override mechanism: a system that can neither be halted nor escalated around is functionally equivalent to a gatekeeper that cannot be bypassed. Marchand underscores that boards must monitor compliance and mission-critical risk, not only performance metrics; Delaware loyalty doctrine establishes that profitable outcomes do not validate unauthorized action. Governance infrastructure must include mechanisms that can halt, flag, or escalate decisions falling outside mandate or risk tolerance — structured pathways for override, human review, or suspension when system-generated outcomes conflict with legal, regulatory, or fiduciary constraints. Systems that optimize without constraint logic risk crossing the Delegation Threshold without any deliberate decision to do so.

Requirement 4: Operational Reversibility

Directors must retain practical capacity to modify or suspend infrastructural delegation. Grimes establishes that arrangements depriving the board of genuine capacity to govern violate §141(a) — reversibility is a structural legal requirement, not a best-practice aspiration. Moelis confirms governance architecture is reviewable; Basho establishes that courts look to who actually exercises control, making nominal reversibility legally insufficient where practical reversibility has been lost. Where systems become effectively irreversible — through contractual lock-in, technical opacity, or organizational dependency — the board's §141(a) authority has been hollowed out. Nominal authority over a system the board cannot practically alter does not satisfy the active oversight obligation Stone v. Ritter requires.

Requirement 5: Drift Control

The Caremark obligation is not discharged at implementation; Stone v. Ritter and Marchand make clear that oversight is continuous, and MBCA §8.30's good-faith requirement is similarly ongoing. Hamrock (Del. Ch. 2022) illustrates what adequate oversight looks like: a Caremark claim was dismissed because the board had established a dedicated safety committee meeting five times annually, receiving substantive reports, and reporting regularly to the full board. For AI governance, the equivalent requires periodic review of system scope, performance, compliance alignment, and dependency risk — translated into board-level evaluative terms, not technical metrics. Boards should distinguish design drift (changes to architecture), data drift (changes in informational inputs), and usage drift (increasing reliance on outputs originally intended as advisory). Documented supervision across these dimensions is what defeats an oversight failure claim.

A Testable Diagnostic

The following three questions operationalize that diagnostic for boards and their counsel. If the answer to any of these questions is negative, delegation risks crossing from permissible structuring into abdication — and existing duties of care, loyalty, oversight, and the structural requirements of §141(a) are undermined by governance design.

5. What This Argument Does Not Claim

This analysis applies existing doctrine to a new factual context; it does not impose strict liability for adverse system outputs or propose new liability standards. The Caremark threshold is bad faith or sustained, systematic oversight failure — not ordinary error. Hamrock illustrates the other side of the line: a board that had established a dedicated safety committee with substantive reporting and regular full-board engagement defeated the oversight failure claim precisely because it had built genuine monitoring architecture. Boards that do the same for AI governance systems are meaningfully better positioned as a matter of law, not merely best practice. The BJR remains available where directors have genuinely engaged with governance architecture design — asked the right questions, received meaningful information, and exercised substantive judgment. As Aronson establishes, deference follows from genuine deliberation; it does not substitute for it.

The argument does not question the legitimacy of delegation, nor is it technology-exceptionalist. The §141(a) principles articulated in Grimes, Moelis, and Wagner apply equally to algorithmic pricing systems, actuarial models, and automated compliance frameworks. AI amplifies the speed, scale, and opacity of delegation, but the doctrinal issue arises from structural delegation itself. What changes with AI is not the legal principle but the urgency with which governance architecture must be designed to satisfy it.

6. Conclusion: Retaining Operational Sovereignty

DGCL §141(a) vests management authority in the board. Grimes, Sample, Moelis, and Wagner establish that this vesting cannot be structurally surrendered — whether through contractual constraints or the progressive embedding of discretion in systems the board no longer effectively controls. Caremark, Stone, and Marchand establish that boards must actively maintain the oversight architecture through which their authority is exercised. Basho and Obeid confirm that courts will pierce governance form to ask who is actually exercising authority and hold those actors — at whatever level — to fiduciary account.

Operational sovereignty does not mean constant intervention. It means that directors — and the officers accountable to them — retain effective and practicable control over the institutional frameworks through which corporate power is exercised. That control is secured not by asserting it in a governance policy but by building it into the architecture of delegation itself: documented mandates, defined limits, functioning escalation paths, and structured review cycles that give the board a real, not merely nominal, capacity to own the evaluative standards of corporate action. Fiduciary law does not demand technological perfection. It demands disciplined governance of the architecture that makes delegation possible.

References

United States Legislation

Delaware General Corporation Law, §§ 102(b)(7), 141(a)
Model Business Corporation Act, § 8.30

United States Case Law

Abercrombie v. Davies, 123 A.2d 893 (Del. Ch. 1956), aff'd 130 A.2d 338 (Del. 1957)
Aronson v. Lewis, 473 A.2d 805 (Del. 1984)
Basho Technologies Holdco B, LLC v. Georgetown Basho Investors, LLC, C.A. No. 11802-VCL, 2018 WL 3326693 (Del. Ch. July 6, 2018)
City of Detroit Police & Fire Retirement System v. Hamrock, 2022 WL 2387653 (Del. Ch. June 30, 2022)
Gantler v. Stephens, 965 A.2d 695 (Del. 2009)
Grimes v. Donald, 1995 Del. Ch. LEXIS 3 (Del. Ch. Jan. 11, 1995)
In re Caremark International Inc. Derivative Litigation, 698 A.2d 959 (Del. Ch. 1996)
Marchand v. Barnhill, 212 A.3d 805 (Del. 2019)
Obeid v. Hogan, C.A. No. 11900-VCL, 2016 WL 3356851 (Del. Ch. June 10, 2016)
Sample v. Morgan, 914 A.2d 647 (Del. Ch. 2007)
Stone v. Ritter, 911 A.2d 362 (Del. 2006)
Wagner v. BRP Group, Inc., 316 A.3d 826 (Del. Ch. 2024)
West Palm Beach Firefighters' Pension Fund v. Moelis & Co., 311 A.3d 809 (Del. Ch. 2024)

United Kingdom Legislation

Companies Act 2006, ss 172–175

United Kingdom Case Law

Re Barings plc (No 5) [1999] 1 BCLC 433
Re Westmid Packing Services Ltd (No 3) [1998] 2 BCLC 646
Recovery Partners GP Ltd v. Rukhadze [2025] UKSC 10
Regal (Hastings) Ltd v. Gulliver [1967] 2 AC 134 (HL)

Regulatory Documents

National Audit Office and Supreme Audit Institutions of Brazil, Finland, Germany, the Netherlands and Norway, Auditing AI Systems: A Guide for Public Auditors (Dec. 19, 2025).

Secondary Sources

Jennifer Arlen, "Directors' Caremark Liability for Fraudulent Disclosures to Customers about the Company's Cybersecurity: SolarWinds Reconsidered," 50 Iowa J. Corp. L. 1141 (2025).
Deborah A. DeMott, "Beyond Metaphor: An Analysis of Fiduciary Obligation," 1988 Duke L.J. 879.
Tamar Frankel, Fiduciary Law (Oxford Univ. Press 2011).
Claire A. Hill & Zohreh Zakiani, "What Should Caremark Encompass?" 19 Brook. J. Corp. Fin. & Com. L. 33 (2024).
Peter Kahl, "Authority Without Authorship: Delegation Thresholds in Agentic AI Systems," Lex et Ratio Ltd. Preprint (2026).
Peter Kahl, "When Discretion Becomes Infrastructural: The Delegation Threshold, Caremark Oversight, and the Fiduciary Governance of AI Authority," (forthcoming Journal of Corporate Law Studies (2026)).
Paul B. Miller, "The Fiduciary Relationship," in Philosophical Foundations of Fiduciary Law 63 (Andrew S. Gold & Paul B. Miller eds., Oxford Univ. Press 2014).
Lionel Smith, "Fiduciary Relationships: Ensuring the Loyal Exercise of Judgment," in Philosophical Foundations of Fiduciary Law 235 (Andrew S. Gold & Paul B. Miller eds., Oxford Univ. Press 2014).

© 2026 Peter Kahl / Lex et Ratio Ltd. | LXR-GOV-2026-02 | Working paper v16, March 8, 2026

‍

Author Biography

Peter Kahl, LL.M., is the founder of Lex et Ratio Ltd. and a researcher focused on AI governance, fiduciary law, and institutional responsibility in algorithmic decision-making. A former Silicon Valley engineer specialising in analog and mixed-signal design and complex software, he brings a practitioner’s perspective to questions of board oversight and technology risk. His work examines agency, responsibility, and authority in AI architectures, including how doctrines such as Caremark apply when discretionary decision power is embedded in automated infrastructure. Kahl writes on governance design for directors and regulators confronting the delegation of decision authority to AI.

Email: peter.kahl@juris.vc

Institution: Lex et Ratio Ltd.

ORCID: 0009-0003-1616-4843

‍